WRITEUP #4794

Account Takeover Flow In Mail.ru ‘s Ext.A Domain [ $150 ]

Logic BugLogic flawAccount takeover

by@myominthu1337(Myo Min Thu)

Bounty

150

Program

Published

Mar 26, 2020

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://web.archive.org/web/20200511145923/https://medium.com/@godofdarkness.msf/account-takeover-flow-in-mail-ru-s-ext-a-domain-150-8952e8078211

▸ RELATED WRITEUPS

Logic Flaw: I Can Block You from Accessing Your Own Account

Logic BugLogic flaw

“Like” Bypass on Customer Reviews — €500 bounty

Logic BugLogic flaw

Interesting Business Logic Error leads to Pre-Account Takeover via Verification bypass on GoogleVRP

Auth BypassAccount takeover

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Self-XSS to ATO via Site Features

XSSSelf-XSS

Built with ❤️ by Shubham Rawat